The cloud isn't all silver linings – sometimes it rains

by Rene Ritchie, Daniel Rubino, Kevin Michaluk, Phil Nickinson

Put everything in the cloud, they said. Sync your files, back up your phone, put it all online, they said. It'll be great, they said.

And then the cloud stopped working. It was temporary, but for a while, everything stopped. Your email didn't come for a few hours. Your music was out of reach. That file you desperately needed for your presentation only came up as a 404. The cloud was gone.

As much as we love to tout the cloud out as the future, cloud data and computing is not without dark sides to accompany the silver linings. Does putting your data online mean it's going to be easier to compromise than if it was on your computer alone? Can we trust these companies we're handing our files to?

When we put files in the cloud, are they still ours? And what are we supposed to do when our cloud of choice inevitably falters and goes offline? The cloud is the future, but what dangers does that fog conceal?

Dark side of the cloud

Articles navigation

Sure, the cloud has risks, but it’s not that bad

Nothing that is digital is secure, but some things are more secure than others. Is the cloud any better than your physical PC? Like a lot of technology, the results are mixed. Relying on larger companies whose job is specializing in information storage and security is probably a good thing, because as important as your family photos are or that romance novel that you’ve been working on for years may be, these companies need to make sure their enterprise security is up to snuff. While consumer business is important, large customers like governments and Fortune 500 companies drive security technology, which then trickles down to consumers.

That’s a selling point for cloud storage, but security is only as good as your password. And if that gets compromised, everything you’ve stored can be wiped out or copied in moments, all without your knowledge. This is where multi-factor authentication comes into play for protecting your information.

Your account could be hacked and it could be hours or days before you noticed.

Indeed, your account could be hacked and it could be hours or days before you noticed. The old days of swiping data off a computer required it to be online or the attacker to have physical access - they need no such thing for cloud data. Hackers have the luxury of time and can work “off hours” to gain access to your files while you aren't around.

Meanwhile, files stored on your home PC certainly stand a better chance of not being compromised, so long as your desktop security is current, malware protection is up to date, and no one has broken into your home to steal your computer. So yes, there is a tradeoff between security and convenience.

Through the PRISM

While we worry about the security of our files from hackers and the prying eyes of corporations, there's also an actor working behind the scenes: the government. When it comes to cyber espionage, few nations come close to matching the breadth or depth of the United States government, specifically the National Security Agency.

The NSA's existence itself was a secret from its formation under the direction of President Harry Truman in 1952 until 1976 when Congressional hearings on securing the nation's phone networks publicly outed the agency. Chartered to monitor foreign electronic communications, the NSA over the past six decades has amassed significant domestic surveillance capabilities thanks to laws passed by Congress.

In 2013, NSA contractor Edward Snowden revealed several NSA programs that engaged in the mass collection of domestic and foreign communications. The revelations included the PRISM program that claimed warrantless direct access to the servers of numerous technology companies like Apple, Google, Facebook, and Microsoft; XKeyscore, which is alleged to be capable of tracking an internet user's activity online with just an IP address; and an aggregation tool called Boundless Informant that brings together all of the data the NSA collects.

If you're storing sensitive information in the cloud with a weak password or are not using multi-factor authentication for said service, you are certainly taking a risk. Even more so if you don’t do the only tried and true method for data protection: encryption and multiple layers of security.

Because of these reasons, you should always keep a backup, encrypt your sensitive data, and authenticate you computers. In addition, it will take companies going forward to invent and implement new forms of security to deal with threats as they arise, often going back and forth with hackers to secure their services.

Cloud storage may not be any safer than current forms of storage, but it is also up to users to actively take a role in protecting their data.

The NSA is watching everything you do online...

- Derek Kessler / Managing Editor, Mobile Nations

Are you worried by warrantless government mass cyber surveillance?

876 comments

Kevin MichalukCrackBerry

Here are my files, please don’t read them

Microsoft. Apple. Google. Dropbox. Can we trust these big players in the cloud? In essence, that is what we are doing when we hand them our files: we're putting our trust in them. We're potentially opening up a huge mineable database of information about us depending on what we're uploading to these clouds.

Every company wants to know as much as possible about their customers. The more you know about them, the better a service you can build for those customers. While there's some amount of altruism in wanting to build the best service possible, it's also pure capitalism - building a service that exactly fits your needs and will be difficult to refuse.

Terms of the Drive

Whether deserved or not, Google has a reputation as a company that's somewhat nosy when it comes to its users. Google's mission - to catalog the world's information - is inherently nosy, and several times the company has publicly brushed up against where the general public draws a line regarding their own privacy.

When it comes to the Google Drive service, Google states in their terms of service that "You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours."

Even with that apparently clear-cut line, Google retains a lot of access to your files. While they're clear to state that they will not change a private document to a public one or use private files in advertising, Google's Terms of Service state that they're free to use your public documents for marketing or promotional campaigns. As with practically everything on the internet - once you put it out there, it's not just yours anymore.

Microsoft, Google, and Apple all have additional operations outside of their cloud services. More accurately, cloud services are additional to their primary operations. They all produce and sell hardware, software, and online advertising, all businesses that can benefit from knowing more about you.

Advertising in particular is becoming frighteningly personalized, and the more these companies know about you, the better they can target you with ads automatically tailored precisely to what you didn't even know you were looking for.

We put huge amounts of information online without even thinking about it. Our emails, our contacts, our memos, music purchases, and cloud documents - all online and open for the mining.

Thankfully, there are measures in place to protect our data. Even in these big multi-faceted conglomerates there are walls in place to safeguard privacy. While better products could be built with that data, they know that trust is more important to customers, so their terms of service all state that your data is yours alone. It's not to be mined, trawled, or extracted for anything other than very broad statistical purposes.

Even in these big multi-faceted conglomerates there are walls in place to safeguard privacy.

Even if they wanted to, Microsoft, Google, Dropbox, Apple, Box, Evernote, and every company in the cloud business knows that it's easy for a customer to switch to another service should they feel that their privacy has been violated. So far it seems that everybody's done a good job of staying on the right side of this line, though it's likely only a matter of time before somebody steps over.

When that day comes, hopefully you encrypted your sensitive files before uploading them to the cloud, or you're about to get some hyper-specific banner ads.

Security is very important, performance is very important, and usability is very important.

Which cloud services do you trust to keep your data secure?

Cloud down: What do you mean 'could not connect'?

Clouds come crashing down. It happens. It sucks, but it happens. To everyone.

At some point that cloud service you depend on -- and the one we’ve been touting here, yes -- will go down. It will happen. And chances are you’ll 1,000 blog posts about it when it happens.

(Ever want to see Internet news digress into TV news-style coverage? Here’s your chance. “We’re following the story live as it happens! [INSERT CLOUD SERVICE HERE] is D-O-W-N!”)

It shouldn’t happen, right? We live in a digital age of any number of redundancies. If one server goes down, the rest pick up the slack. Theoretically.

If one server goes down, the rest pick up the slack. Theoretically.

I tend to think of major cloud service crashes like airplane crashes, actually. Chances are it’s not one thing that took it down. Rather, it’s a series of missteps -- be they accidental or malice by some outside force -- that cascade on one another and ultimately end in you and me pounding on the keyboard. Same deal with massive electrical blackouts - one thing broke, but the rest of the system wasn't up to handling the rest of the load, and everything just falls apart.

The Great Gmail Crash of 2011

If there's one company that's defined the modern cloud, it's Google. The company has been built around web services, only recently branching out into other markets, though still doing so in a way that supports the web services (see: Chrome OS).

As a company that is defined by and helped define the cloud, when Google fails it's news. Especially when its one of Google's more popular products. In 2011, the highly popular Google email service Gmail crashed hard when a buggy update was pushed to Google's servers. Tens of thousands of accounts immediately went offline.

Affected users were unable to access their accounts, and those accounts were not receiving new mail. After several hours offline, Google resolved the bug and restored Gmail service; many affected users found that their accounts wiped clean. Fortunately for them - and for Google - the accounts had been backed up on magnetic tape, though it took several days for all affected accounts to be restored.

A good cloud service is prepared for the worst. A proper message for if and when the inevitable happens. Twitter used to go down so often, the “Fail Whale” began to take on a life of its own. At least that brought a little levity to it. But chances are you’ll see something much more corporate and without a whole lot of information. “Some of our users may see interruptions in service. Thank you for your patience.” That’s not to say that behind the scenes it’s a beach party. Chances are all hell is breaking loose and folks are working and losing sleep over getting things up and running again. But we live in a world with lawyers, and the less you say at first, the better.

To me, the true sign of a quality cloud service is in the postmortem. Tell me what happened. Tell me why it happened. And tell me how you’re working to never let it happen again. I don’t need 10 percent off my next month’s bill (though I won’t turn it down).

I just need assurance that the cloud will soon return to its usual, fluffy state and stay that way.

How do you handle the cloud being unavailable?

876 comments

Rene RitchieiMore

You think you own that music? You don’t

A few years ago I was grappling when I got caught in a cross choke. In my head, I felt myself getting faint so I tapped out to signal my opponent should stop the choke. In my head. In reality, I got choked out and lost consciousness. If you’ve never experienced that, it’s disorienting to say the least. As I came to and wondered why there was a group looking down at me, I heard a friend of mine say: “I get his DVDs if he dies!”

That’s either funny or abysmal, depending on your sense of humor, but it’s also outdated. I don’t have any DVDs any more. All the movies I’ve bought in the last couple years have been on iTunes.

Last year, that friend’s 6-year-old son told me, “Don’t worry, I know your iTunes password if you die!”. Like father like son, right? Arguably just as funny, but also inarguably unworkable.

A license to license

Technically when you purchase a song through iTunes, Amazon MP3, or any other digital download service, what you're really buying is a limited license to the product. The license limits how you may use and distribute the music, including how many devices you may load it on to, how many times you can burn a playlist, and even the kind of HDMI connection needed to view content on such a display (HDCP-compliant, for the record).

A case decided in 2011 by the United States Ninth Circuit Court of Appeals settled the matter of whether or not producers had sold the rights to Eminem's music to distributors or had licensed the rights. The court found that the legal agreement was not a sale and was instead a licensing, leading to distributors have to pay record companies significantly more (upwards of 50% for licensing, as opposed to 12-20% for retail sales).

The decision didn't affect the licensing model employed by Apple for the iTunes store - Apple still retains 30% of the sale price and passes the rest on for the distributor and record companies to fight over.

I could give away a DVD. I could sell or lend or even bequeath it. What can I do with an iTunes movie?

I can’t give it away; it’s locked to my Apple ID. I can’t sell it. I can’t lend it. And even if I bequeath my Apple ID, in can't be transferred or integrated with the recipient's own account - for technical and legal reasons.

That’s just iTunes. What about my Dropbox account, which contains my entire Documents directory? What about my device backups on iCloud ? What about my Google account? Do I own those, or do I just have use of them? If anything happens to me, who gets that data? Who gets the apps on my Mac or my iPhone or iPad?

If anything happens to me, who gets that data?

I know who gets the books on my shelves, but who gets the iBooks and Kindle books up on the cloud? I paid for them, I should be able to pass them on. The media companies, however, likely feel I licensed them, and that license is null and void the moment I am. Legally-speaking, those are the terms of service to which I agreed.

We’re in a time of transition, of turbulence. Technology is once again outpacing law and morality. Traditional concepts of ownership are being challenged. The cloud is a big part of that, and unfortunately, because it possesses much of our stuff, it also owns it.

Conclusion

When you put something in the cloud, you're risking that it will be compromised or that the server might go down and you'll lose access. But you're also risking that when you put something on your computer or mobile device. At least when it's in the cloud there's a level of redundancy between multiple servers and any devices you may have it synced to.

In the end, the security of your data is up to you. You're the one that sets the account password and decides whether or not to enable two-factor authentication. You're the one that does or doesn't encrypt sensitive data before uploading it. You're the one that does or doesn't upload sensitive data in the first place.

And if the cloud goes down, oh well. It'll be back, and it won't be the end of the world. Technology fails all the time. Even the technologies that have been around for ages are subject to failure, and the cloud is no different.

Is there a dark, threatening underside to the cloud? You bet. But there's also a slew of silver linings - it's up to you whether or not you pick cloud services that you trust to be there when you need them.

Portions of this page are modifications based on work created and shared by the Android Open Source Project
and used according to terms described in the Creative Commons 2.5 Attribution License. AndroidCentral is an independent site
that is not affiliated with or endorsed by Google.